I'm looking for what people would like to see on the internal Hack Factory network. Hardware, software, and/or services. This is what I have on my list right now:

internal DNS server/namespace (factory.tcmaker.org?)

LDAP server

NAS (Openfiler?)

DHCP is already taken care of by the firewall, so we're good there. PFSense's DHCP server can feed options for PXE, tftpboot, and anything else we might need, so I don't see a good reason to not use it.

Not that I disagree with the Locked server room, and hardening of the Access points, but given some of our groups interest, I think that is like walking a 4 year old into a candy store and saying "just stand her for an hour, but do not eat any candy"

But as long as we have recovery plans, I am all for it.

IMO the NAS would have the high priority. (add in member shares with a gig max storage?)

I would also include network the plotter, and if it has ever been hooked up, the color laser. (if it is even still there)

I think there was an Asterisk server at one time, configured and ready to go. Not sure if it's still hanging around somewhere.

There's a ton of networking gear in the closet right now, and I can't see needing more than a few pieces for infrastructure. The rest can go to lab/class use.

I also think that lab equipment is the solution to keeping things (relatively) secure. As long as there's stuff available to mess with, fold, spindle and mutilate, hopefully no one will feel the need to mess with the restricted parts of the network. Also, keeping the infrastructure working and useful will keep people from monkeying with it. That was the problem with the earlier APs,but the ones Dave put up a few weeks back have been stable, and I haven't seen anyone messing with them.

So on the locked server area, we've been down this path before. I've sure we are all fine upstanding folks, but the space is not exactly 'secure' from any guy walking in off the street. I would like to get some stuff up for Brandon to keep things like membership info and it would be fun to play with allowing folks to carry balances to do kewl things like buy a Coke with your cell phone (which we are a freaking Maker space, if we can't set that up here, where can we?) There is a small amount of due diligence in taking some steps to secure that. Not saying that it would get hacked but I have yet to find a spot in the space where something won't get cables unplugged, moved, etc.

I don't think its too much to say that there should be an area or too that is not wide open. Yes there is locksport, but if someone decided that they needed to start doing that, we would have a very different issue on our hands.

"The right to be heard does not automatically include the right to be taken seriously."-- Hubert H. Humphrey

Not sure if it's there already or not, but integration between DHCP and DNS, such that when a client requests a lease with its hostname "foo", it then becomes accessible by internal DNS as foo.hf.tcmaker.org" or something. This would enable ssh/scp/ftp to the CNC machines for file transfer, something that sucks way less than using sneakernet with thumb drives.

It's either that or I run ethernet out to the shop and give my CNC machine (and the others, when online) static IPs. My end goal is to have all the CNC machines accessible by scp/ftp.

Also, as for the locked server space, we have ample room in the vault. All we need to do is stick a rack in there, right?

The problem with the vault is getting cabling in there. Those walls are thick, and solid (as far as I know ). IIRC Dave has a four-post rack available, if it has doors that should give us a decent way to limit access. If Dave doesn't have a rack, there's a half-height rolling rack/cabinet in my employer's warehouse that will be tossed out in a few weeks. It's got doors front and back.